Configure Azure Permissions - Phenisys/microsoft-teams-observability GitHub Wiki

  1. On a PC with internet access, open Azure Active Directory admin center using its URL address.

  2. Select Dashboard > Overview and copy the Tenant ID.

    Paste it somewhere in the text format (MS Word, OneNote, Notepad, email or else). You need to enter it in the Dynatrace Extension Settings. The Tenant ID allows Extension to identify all your account activities in Microsoft Teams. Basically, the Tenant ID is your directory identification.

  3. On the Overview page, select the App registrations tab on the left.

  4. On the App registrations page, select Endpoints on the top bar.

  5. Copy the OAuth 2.0 token endpoint (v2) URL and close the Endpoints window.

    Get the token URL

    Paste it somewhere in the text format (MS Word, OneNote, Notepad, email or else). You need to enter it in the Dynatrace Extension SettingsOAuth 2.0 token endpoint (v2) allows secure communications between Extension and Microsoft Graph that provides all required data related to the calls in Microsoft Teams.

  6. On the App registrations page, select New Registration on the top bar.

    1. In the Name field, enter Dynatrace.

    2. In the Supported account types section, select Accounts in this organizational directory only.

    3. Select Register.

      Now you have a new application, Dynatrace, registered in the Azure Portal.

  7. Select Dynatrace > Overview page and then copy Application (client) ID.

    Paste it somewhere in the text format (MS Word, OneNote, Notepad, email or else). You need to enter it in the Extension Integration Settings. The Application ID is a unique identifier of Dynatrace application and allows a secure communications with Microsoft Graph that provides all required data related to the calls in Microsoft Teams.

  8. Authentication :

    1. To authenticate Dynatrace application with a client secret, do the following:

      1. Select Certificates & secrets on the left side, then the Client secrets tab and then select New Client Secret, enter a description, an expiration date and select Add to save the settings.

        In the Client secrets window, copy the Value of the client secret.

    2. To authenticate Dynatrace application with a certificate, do the following:

      1. Select Certificates & secrets on the left side, then the Certificates tab, and then select Upload certificate.

      2. Either generate or acquire a valid and not expired certificate.

      3. Select a certificate file with a public key (in either .cer, .pem or .crt format), provide description (optional) and select Add to upload the certificate. Certificate need to use RSA algorithm, not EC/DSA

      4. Prepare a certificate file (in the PEM format) that contains both public and private keys:

      • Make sure the PEM file has the following format:
        • ----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----

  9. Select API permissions on the left side, then select Add a permission > Microsoft Graph > Application permissions.

    ⚠️ Be careful not to select the Delegated permission.

  10. In the Select permissions field, add :

    1. CallRecords.Read.All
    2. ServiceHealth.Read.All
    3. Reports.Read.All

  11. Select Add permissions to save the settings.

  12. Make sure you are on the API permissions page.

  13. In the Configured permissions area, select Grant admin consent and then select Yes to confirm.

    Check that the status is green.

  14. At the end, you need to have the following info :

    1. tenant_id
    2. client_id
    3. client_secret or a certificate in PEM format with private key and public key